shelf_host_validation 1.1.2

Validates the 'Host' and 'Referer' headers so that DNS rebinding attacks won't work.

Shelf Host Validation

Middleware that protects Shelf and DartFrog servers from DNS Rebinding attacks by validating Host and Referer [sic] headers from incoming requests. If a request doesn't contain a whitelisted Host/Referer header, shelf_host_validation will respond with a 403 Forbidden HTTP error. Inspired by https://github.com/brannondorsey/host-validation

Installing

dart pub add shelf_host_validation

Usage

Parameters:

  • [hosts] is a list of allowed hosts; each entry can be a RegExp or a String
  • [referers] is a list of allowed referers; each entry can be a RegExp or a String
  • [mode] is the [ValidationMode], either or both
  • [errorResponse] is the [Response] that is returned if the validation fails

As shelf middleware

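import 'package:shelf/shelf.dart';
import 'package:shelf_host_validation/shelf_host_validation.dart';

// Minimal inner handler so the pipeline below is complete.
Response _echoRequest(Request request) =>
    Response.ok('Request for "${request.url}"');

var handler = const Pipeline()
    .addMiddleware(
      validateHost(
        // Allowed Host header values.
        hosts: ['trusted-host.com'],
        // Allowed Referer header values.
        referers: [
          'http://trusted-host.com/login.php',
          // Accepts any Referer that starts with https://.
          RegExp(r'^https:\/\/'),
        ],
      ),
    )
    .addMiddleware(logRequests())
    .addHandler(_echoRequest);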

As dart_frog middleware

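import 'package:dart_frog/dart_frog.dart';
import 'package:shelf_host_validation/shelf_host_validation.dart';

// routes/_middleware.dart: Dart Frog looks for a top-level `middleware` function.
Handler middleware(Handler handler) {
  return handler.use(
    // Adapts the shelf middleware to Dart Frog.
    fromShelfMiddleware(
      validateHost(
        hosts: ['trusted-host.com'],
        referers: [
          'http://trusted-host.com/login.php',
          // Accepts any Referer that starts with https://.
          RegExp(r'^https:\/\/'),
        ],
      ),
    ),
  );
}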
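
The kind of check described above, sketched with plain shelf as an added example; it is not the package's own code and does not show how validateHost matches internally. The names isAllowed and hostAllowlist are hypothetical, the host names are constructed, and the assumed matching rule is that a String entry must equal the header value while a RegExp entry must match it.

```dart
import 'package:shelf/shelf.dart';

/// Hypothetical helper, not the package's API: a String entry must equal the
/// header value, a RegExp entry must match it. A missing header never passes.
bool isAllowed(String? value, List<Pattern> allowed) {
  if (value == null) return false;
  return allowed.any((p) => p is RegExp ? p.hasMatch(value) : p == value);
}

/// Hypothetical middleware: answer 403 before the inner handler runs when the
/// Host header is not on the allowlist.
Middleware hostAllowlist(List<Pattern> hosts) {
  return (Handler inner) {
    return (Request request) {
      if (!isAllowed(request.headers['host'], hosts)) {
        return Response.forbidden('Forbidden');
      }
      return inner(request);
    };
  };
}

Future<void> main() async {
  // Anchored pattern: the whole Host value must be the trusted name.
  final strict = <Pattern>['trusted-host.com', RegExp(r'^localhost(:\d+)?$')];
  // Unanchored pattern: also matches longer names that merely contain it.
  final loose = <Pattern>[RegExp(r'trusted-host\.com')];

  // Constructed Host values. During a rebinding attempt the connection
  // reaches the local server, but the browser still sends the foreign name.
  const hostHeaders = [
    'trusted-host.com',
    'localhost:8080',
    'rebind.example',
    'trusted-host.com.rebind.example',
  ];

  for (final entry in {'strict': strict, 'loose': loose}.entries) {
    final handler = const Pipeline()
        .addMiddleware(hostAllowlist(entry.value))
        .addHandler((_) => Response.ok('ok'));
    for (final host in hostHeaders) {
      final request = Request('GET', Uri.parse('http://127.0.0.1:8080/'),
          headers: {'host': host});
      final response = await handler(request);
      print('${entry.key} $host -> ${response.statusCode}');
    }
  }
}
```

With the anchored list only the first two Host values get a 200. The unanchored pattern also lets trusted-host.com.rebind.example through, so RegExp entries in an allowlist should be anchored at both ends.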

Publisher

verified publisher jxstxn.dev

Topics

#shelf #dart-frog #middleware #security #dns-rebinding

License

Apache-2.0 (LICENSE)

Dependencies

shelf
